diff options
author | Daniel Borkmann | 2015-02-05 18:44:04 +0100 |
---|---|---|
committer | David S. Miller | 2015-02-07 22:13:10 -0800 |
commit | 364d5716a7adb91b731a35765d369602d68d2881 (patch) | |
tree | 4f7516628df9555580d33e9c6092ba40e9d41c65 /crypto/cipher.c | |
parent | e04449fcf2cd63dec176355a028bd28b4d469be9 (diff) |
rtnetlink: ifla_vf_policy: fix misuses of NLA_BINARY
ifla_vf_policy[] is wrong in advertising its individual member types as
NLA_BINARY since .type = NLA_BINARY in combination with .len declares the
len member as *max* attribute length [0, len].
The issue is that when do_setvfinfo() is being called to set up a VF
through ndo handler, we could set corrupted data if the attribute length
is less than the size of the related structure itself.
The intent is exactly the opposite, namely to make sure to pass at least
data of minimum size of len.
Fixes: ebc08a6f47ee ("rtnetlink: Add VF config code to rtnetlink")
Cc: Mitch Williams <mitch.a.williams@intel.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'crypto/cipher.c')
0 files changed, 0 insertions, 0 deletions